package com.example.mybatis.demo.controller;

import com.example.mybatis.demo.model.UserInfo;
import com.example.mybatis.demo.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;

@RestController
@RequestMapping("/user")
public class UserController {
    @Autowired
    private UserService userService;
    @RequestMapping("/selectUserList")
    public List<UserInfo> selectUserList() {
        return userService.selectUserList();
    }

    // 模拟登录时发生sql注入的场景
    @RequestMapping("/login")
    public boolean login(String userName, String password) {
        // 省略参数校验
        // 从数据库中验证账号密码是否正确
        UserInfo userInfo=userService.selectUserByNameAndPassword(userName,password);
        if(userInfo!=null){
            return true;
        } else {
            return false;
        }
    }
}
